Windows

5 things Microsoft should do to secure Windows 7

Many businesses and home users have decided to skip Windows Vista and wait for Windows 7. Vista's security improvements have been only minor and incremental. Some fundamental changes need to be made to avoid the same mistakes with Windows 7.

There is a lot Microsoft can do to help make its Windows 7 operating system a commercial success. Jason Hiner offered his opinion on how it can do so in Sanity Check: Five things Microsoft has to do for Windows 7 to succeed, and I have my own opinions on the matter as well.

To go beyond immediate commercial success, and deliver on its promises of a genuine, effective focus on security, Microsoft must do more than just appeal to the masses. It must give its operating system design, development, and management policies a complete overhaul. Only time will tell whether MS Windows 7 will meet those requirements, or be found wanting. Five such changes are described here:

  1. Use standardized, peer reviewed tools and protocols for all security related functionality. Microsoft has one of the best known "not invented here" cultures in the software industry. While Microsoft does use a lot of code that wasn't invented there, it never uses it unchanged and, when possible, buys out the creators before incorporating any of that outside software into what it sells. Even in the rare case that Microsoft uses something whose continued development it doesn't really control, the company takes on code that cannot be taken back, continues development internally, and changes its functionality in some often startling ways that usually break interoperation with other branches of the same code base -- as in the case of adopted code like the BSD Unix network stack and MIT Kerberos. This contributes to many of Microsoft's security woes, as it then cannot really share advances with outside developers. It takes on a greater weight of code to maintain, and doesn't gain the additional, free development efforts that could come with it. Because of this, the security characteristics of its remote login tools, encryption functionality, and network protocol implementations have been suspect at best, essentially from day one. Leveraging the tremendous breadth and depth of peer reviewed, best of breed, well tested tools that can be had -- freely, in most cases -- is key to producing an operating system people can trust.
  2. Implement true, comprehensive, architectural privilege separation. Microsoft's operating systems have seen significant evolution over the years, from the early days of MS-DOS all the way to MS Windows Vista. Anyone can easily see that major changes have been wrought. One change that seems to happen over and over again is the addition of true privilege separation to the system architecture, protecting key parts of the system from unauthorized access by users who are supposed to be unprivileged. This "seems" to happen over and over again because it has not actually happened yet; some superficial changes are made that appear to address the problem of privilege separation, but by the time the next release of MS Windows hits the market the fact that privilege separation was never really achieved in the interim has become common knowledge. For such a change to take place, Microsoft is going to have to let its attempts to maintain a stranglehold on how people use their computers slip a little bit, and stop looking for ways to allow Microsoft software to circumvent the security functionality of other Microsoft software.
  3. Start taking vulnerability patching seriously. Seven years is just too long for a severe vulnerability like the SMB flaw that was first discovered at least as long ago as March 2001. The fastest patch turnaround time for any Microsoft security fix was MS06-001, when Microsoft distributed a patch ahead of schedule only ten days after Microsoft officially learned of the vulnerability. The SQL Slammer worm, which brought much of the Internet to its knees in 2003, was patched by Microsoft long before it became a threat -- but if the patches were applied out of the order in which Microsoft intended them to be applied, later patches would uninstall earlier patches, leaving your computer vulnerable (and Microsoft blamed the admins for not effectively patching their systems). Meanwhile, the standard for which Microsoft should be aiming is that of open source projects that routinely produce stable, effective security patches that don't break things in under a week -- sometimes in a matter of hours. Before MS Windows 7 security can really be taken seriously by most security professionals, this is a serious problem area that must be addressed. Microsoft recently released a patch for MS Windows 7 pre-beta before the pre-beta was released, which looks like a good sign, but it may also be a one-time aberration. Only time, and attention to Microsoft's behavior in the near future, will tell.
  4. Don't let backward compatibility trump default security. It's understandable that Microsoft wants to support backward compatibility for its customer base, and I applaud the effort to ensure such compatibility in and of itself. That doesn't mean that misfeatures that compromise security should be allowed to trump default security, however. If something that can compromise security absolutely must be included, it should be a configurable option, and not the default setting. It should also not, under any circumstances, require fundamental compromise of the system's security on an architectural level. A related concern is that of the security of default settings in general -- such as the unacceptably high number of unnecessary services running by default in a fresh install of MS Windows. I'd love to no longer have to write articles about things that should be turned off before you even think about connecting a network cable to your computer.
  5. Change the business model. Yes, really -- this is, in fact, a security matter. Microsoft's security model is in essence a financial manifestation of the old security through obscurity fallacy. Not only is that a broken model, but chasing after the mirage of that kind of secured revenue creates a conflict of interest between revenue stream "security" and actual system security, to the detriment of the company's customer base. As the IT industry and software market continue to change in the next few years, the conflict of interest that represents will become even less defensible, because the "traditional" business model will become less and less viable. It's time to make a change. Windows 7 may not be the place to jump headlong into a new business model, but Microsoft definitely needs to make some bold strides in that direction at least. Jason Hiner is on the right track with his admonishment that Microsoft should make MS Windows 7 its last shrink-wrapped OS. The alternative is to continue to damage Microsoft's reputation amongst home computing consumers and business customers.

Of course, if the last decade has proven anything about software marketing and security, it is that good, secure software design, vulnerability management policy, and other security concerns for software vendors are often of little importance in determining market share. An image of acceptable security seems to be easier to manufacture than actual security is to achieve, and Microsoft has met with great success in manufacturing such an image.

There are those who look past the shiny marketing facade, however, and will not simply take Microsoft's self-serving statements at face value. To satisfy their desire for security, Microsoft will have to do some things differently with Windows 7.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

57 comments
steve.goodison

One thing MS could do is use MetaFortress. It is a black box, application security solution which injects a self-checking topology into source code during compilation. The protected product itself is able to stop all tampering attempts with granularity down to single byte changes in the exe or libraries. If there's a change of any kind in the exe or the libs, the application will stop working immediately, whether the change is made to the disk image or the memory image. There is also the capability of preventing library substitution, another favored tactic of the nasty hacker. The novelty here is that it is impossible to remove any sections of code, especially those sections that contain the license calcs, and then use them outside of the app. Metafortress also prevents pirates from debugging the app. Good luck to the hacker. Performance is practically unchanged, pre and post protection.

jim

If Microsoft wants to push out updates in a timely manner they need a way to implement Online Updates. Basically no OS restarts unless the kernel itself is seeing a major change. They started to implement it a while back but never followed through with it.

njic

I know enough to be dangerous, I can usually tough my way through fixes without contacting India, but I'm not a computer tech guy. Why isn't there a second processor that loads a security package from a PROM that only monitors what the computer is doing and stops it before it trashes your system? Why does the OS allow software to send e-Mails when I'm not typing and haven't been for two hours? Why isn't fixing a virus as simple as rebooting? Why does the OS allow registry changes to the system when you aren't installing software from a CD or other installable package? Why does the OS need a registry at all? When I click on the software to run that package can't it load everything it needs at that time? Or at the very least some kind of ini file that lives in the software's own directory? Why do I need to hit ctrl-alt-del and figure out what processes are running and which I can shut down? Why are so many processes running in the background? What is all that stuff? Why do I need to buy software to figure that out? Why is the update list for XP three screens long? Why can't I just run in a "safe mode" when surfing the net so if I click the wrong link on the "dirty backdoor nurses" website it won't do anything to my system? Why do I need to spend money on zone alarm at all? Now, I know you rabid MS troopers will tell me most everything I described is possible in XP. What I want to know is why it isn't doing that stuff to keep me safe right out of the box?

CharlieSpencer

Attempts at answers to a few of your questions: "Why isn't there a second processor that loads a security package from a PROM that only monitors what the computer is doing and stops it before it trashes your system? Why isn't fixing a virus as simple as rebooting?" Both of these prevent future updates. A security package on a PROM would be difficult for the home user to update, and if you don't update it then it quickly becomes obsolete as new threats appear and change. Rebooting to fix a virus would require the OS to also be on a chip. This would also be difficult to upgrade for the home user, although it would certainly eliminate licensing issues. In both cases, the delivery method of updates would still be via the Internet, and false or malicious updates could still be distributed via social methods. "Why does the OS allow registry changes to the system when you aren't installing software from a CD or other installable package?" Because the registry is also used to store application preferences (among other things). If you change settings, either application or operating system, those changes are updated in the registry. Change the wallpaper, update the registry; change the application window size and placement, update the registry. I agree that this stuff should be stored in an application-specific file. "Why is the update list for XP three screens long?" That depends on how often you update it. The more frequently you update, the shorter the list will be. If you only go to the grocery once a year, your shopping list is going to be a lot longer than if you go once a month. Coincidentally, once a month is at least how often you should run the Windows Update or Microsoft Update utilities. "Why can't I just run in a "safe mode" when surfing the net so if I click the wrong link on the "dirty backdoor nurses" website it won't do anything to my system?" You can, at least in XP Pro, but that wouldn't solve the problem. Boot to the 'Safe Mode with Networking' option. Unfortunately, booting to any variation of 'Safe Mode' means you are logging on as the local Administrator account, and that means you're still vulnerable to accidental malware installation. Hope that helps clear up

njic

"Both of these prevent future updates. A security package on a PROM would be difficult for the home user to update, and if you don't update it then it quickly becomes obsolete as new threats appear and change. Rebooting to fix a virus would require the OS to also be on a chip. This would also be difficult to upgrade for the home user, although it would certainly eliminate licensing issues. In both cases, the delivery method of updates would still be via the Internet, and false or malicious updates could still be distributed via social methods." I think I'm seeing the basic problem here. We need to define "threat." "Threat" would be code you get via clicking the wrong thing, installing software you downloaded from a shady site, or from someone's thumb drive. Why can't I put the system into a mode where it does *nothing* unless I'm asking it to install something I know where it came from? I can't expect the OS to protect me from reckless behavior, but I can expect it to protect me at all times if I say, "put on the condom, don't do *anything* under any circumstances while it's on." As a consumer what I am looking for is a system that will run the apps I need for business (word, excel, qb, a CADD pkg, a PLC programming pkg, outlook, etc.) and let me surf the web for the information I need, troll for leads, and occasionally look at naked chicks. I really don't care if I can see the latest flash graphics on a website, run the latest active-x controls, or play games/enjoy media. I just want the thing to work without so much input from me on a security front. I'm flat out guessing half the time and that is not what I'm paying for. "That depends on how often you update it. The more frequently you update, the shorter the list will be." Sorry I wasn't clear, I meant the list in the "add/remove programs" list. I let windows update whenever it asks to, but I like to see what it is up to. I had to uninstall SP3 on my 5 year old laptop (1 mb RAM) as the OS became such a resource hog I couldn't even work anymore and all I do is run excel and check my e-Mail from a browser. As a consumer, all I want is to not have to think about security. I should be able to install my apps to a "read only" section of the disk where it will also reference an ini file when I run it. Then I want to be able to press one button for "clean up" and the system will fdisk the OS and reinstall clean from a designated Read Only area of the drive where the basic OS resides. I want to surf the web in a "safe mode" where NOTHING I click on can hurt me because the OS or the security will not allow any changes to the OS area or boot list unless it has a security tag of some type. This kind of thing CAN happen. This is a question of WANNA. MS has the resources to make something like this available. I realize UNIX or Linux or whatever it is can probably be made to do something similar, but unless it is made for idiots like myself, it may as well not exist.

Neon Samurai

A mode where Windows confirms everything before it happens would be even more inconvenient for the user than Vista's constant confirm/deny. To implement that type of function properly, it would have to be done from the first design meeting on through the whole project, not as a last minute afterthought thrown in. Since MS is not likely about to do that, the best they can do is a bolted on afterthought which only makes the user feel safe and inconvenienced while the underlying issues remain exploitable. Not inconveniencing the user has so far been far more important than starting over and designing a modern OS for networked environments (NT doesn't cut it.) A VM as others mentioned is probably your best bet since you can lock the VM image and start fresh with each reboot. The downside of that is malware that can recognize the VM environment and break out of it into the physical host machine. With something like Mandriva 2008 (32 bit), you can get your flash, email, browsing and other functions, though the brand names may not be the same, but it depends also on how open to learning you are. I wish your feelings as a consumer were more common. If the market truly voted with its wallet, and the market were in a healthy condition, then the consumers would be able to get that, but as it stands now, MS has no financial incentive to really do software right; good enough is all they need to provide to make the sale, and more expenses would upset the more important shareholder even if it did benefit the customer. Windows places updates in the Add/Remove list in case you do want to remove the patch for some reason. You can use something like CCleaner which will clear out the old update entries and reduce your add/remove list along with space consumed by temp install/uninstall files. Use at your own risk though; CCleaner does a good job of explaining warnings though. The result will also be not having the entry to uninstall SP3 and such, though, so be sure you want to stick with the update before you blow away the entry and uninstall files. What you're looking for as a consumer is not any modern incarnation of Windows though. You sound like someone who would do well with an internet appliance either managed by a local town tech or remote service provider (I'd go with the former if possible). Mind you, this removes your access to Administrator/Root so it becomes a tradeoff. The other issue to consider is that us arrogant apes are very clever. Someone with ill intent will eventually find a way to make use of your system in an unwanted way unless turned off and buried in the back yard. (the machine I mean not the malware writer.. but? ;) ) If you are able to download files and burn an ISO to a CD then I'd recommend trying a few of the more user friendly Linux based OS live CDs. They can boot your computer without touching your hard drive so if it doesn't work for you, you just hit the power button and remove the disk. Mandriva is my preference. Others like PCLinuxOS, while Ubuntu is the popular kid on the block that most have heard of if any at all. Actually, the Mandriva One liveCD (recommend 2008.1 version) is probably what you want; a clean system off each reboot that can surf the web, access email and edit documents and display flash and multimedia.

apotheon

1. There are other reasons one doesn't have an image of the OS on a chip, to be automatically reloaded every time you start the computer. For instance, when I buy a computer, I generally want the hardware -- not the software configuration it came with. Considering one of the first things I have always had to do with an MS Windows system after purchase was to remove a bunch of crap, change a bunch of settings, and install a bunch more security crap, I wouldn't want to have to do that every damned time I rebooted the computer. There are ways to get the same behavior, though. MS Windows itself offers a quick rollback capability, though it's not a well secured system. If you really want that kind of protection, though, the way to do it is to maintain the bootable OS on a server somewhere, and do updates to it on the server rather than on the desktop system -- then have the desktop system netboot from that server. Make sure the core OS as stored on the server cannot be changed from the desktop that netboots that OS, and you'll have roughly the security that was asked -- but you'll still be able to get security updates and install software. Couple this with server-managed filesystem integrity auditing (on yet another server that is even more strictly locked down) so that someone compromising the box won't be able to compromise the integrity auditing system's filesystem image, and you can get all that was asked, including automatic roll-back with some admin scripting. Of course, this is all much easier to achieve with a Unix-like system than with MS Windows, at this point. 2. The registry is a horrible, terrible idea, and as long as it is loaded up as a monolithic, universal system configuration database the way it is now, it will always be a glaring signifier of the complete lack of effective privilege separation in the design of MS Windows. This whole problem is solved neatly by the Unix approach of using per-application configuration files -- which allows, among other things, for each file to be "owned" by its respective application's individuated "user" account. Privilege separation for the win. 3. Is that what was meant by "the update list" -- the Patch Tuesday updates offered by Microsoft? Well . . . part of the reason the list often gets so long is that Microsoft is still locked into a set of policies and a business model that makes it very difficult to offer timely system updates, which means it has to offer them on a schedule that causes the updates to come out in bunches. If you're talking about the updates that must be applied when you first install the OS, another problem to keep in mind is that, when the OS is installed from CDs burned or pressed at a factory, boxed, shrink-wrapped, and shipped through three layers of distributors before finally landing on a shelf at Best Buy, there has been a lot of time for updates to build up. Furthermore, to keep costs down, an enterprise like Microsoft has to only create a new disk image from which to create install CDs as rarely as it can, so even if your specific CD was pressed or burned a month ago, it may very well be from a disk image created more than a year ago. By contrast, a distribution model that allows everything to be gotten online eliminates a lot of the overhead, and an open source development model can help eliminate or mitigate the rest of the overhead. Even without adopting an open source development model, though, Microsoft could achieve some of the same (positive) effects if it were to adopt a business model that is compatible with an open source business model, by giving away the software itself but offering timely updates (and support) through a low cost subscription service. For customers, this would be all benefit in terms of the software received, and for the company it would be all win in terms of revenue generated -- because only people who care so little about security that they'll take pirated software from any old shady source at all will refuse to get the timely updates they need from an official, verifiable source. Of course, if it adopted that business model, there wouldn't really be any good reason left to avoid adopting an open source development model -- except keeping the last dregs of crap like DRM and embedded in the code. 4. I don't think he literally meant "Safe Mode" in the MS Windows sense of the term. I think he just meant an operating mode that is "safe" -- i.e., offers the kind of restricted system access that comes with true privilege separation.

apotheon

1. Netbooting is within the reach of at least [b]some[/b] home users -- but probably not for the sort of home user you're thinking about. So, yeah -- good point. 4. Good point about the virtual machine option -- which, by the way, solves a [b]lot[/b] of the problems he brought up, such as serving as a halfway decent replacement for a netboot system as an answer to number 1.

CharlieSpencer

1. "the way to do it is to maintain the bootable OS on a server somewhere" Which is a great idea for a business but isn't within the reach of a home user. 4. I think he literally meant Safe Mode, but we'll have to wait and hope he replies with clarification. If he didn't, the easiest way to handle it in a Windows environment is a virtual machine. On the other hand, if you know how to set up a vm, you probably know what sort of security precautions to take in the first place.

santeewelding

You are so improbably good so improbably often that I have to turn what you say inside-out as a matter of strict due diligence. And, yes, that other article was pretty good (has it been a year?).

Tony Hopkinson

To do all that sort of thing and more you need to do it from the ground up. I believe Apotheon has an article somewhere with a good analogy using house security somewhere in his Blog. Basically windows has a decent lock, on a paper door in a house made out of eggshell mounted on stilts with no floor, and that's just the front door. MS add an extra tumbler to the lock, and tell you it's more secure. Not factually incorrect but misses the point, a bit. :p Windows is still a desktop with a single user operating system (DOS) bundled inside it. Add in the spread of versions, backwards compatibility and a sh1t awful monolithic design, and you get the answer to why.

apotheon

"[i]I believe Apotheon has an article somewhere with a good analogy using house security somewhere in his Blog.[/i]" I think the article you mean is [url=http://blogs.techrepublic.com.com/security/?p=274][b]10 (+1) reasons to treat network security like home security[/b][/url]. I just read it again, for the first time in more than a year, and I realized I'd written a pretty good article.

apotheon

Most of what you describe is actually remarkably similar to stuff Unix-like systems do by default (edit: or, in one or two cases, isn't as effective as what Unix-like systems actually do). A few are a trifle less easy to provide "out of the box" for reasons that depend on complexities difficult to explain to someone without a strong technical background, though.

support

Chad: Great points; each, I think, accurate and relevant; Here's my two cents on each point: 1-Expand this point to include "A radical change in the fundamental architecture of the OS"; LOSE the REGISTRY MODEL; Microsoft must go to the blackboard and write this phrase 2 billion times; LOSE THE REGISTRY. I can't begin to list the reasons in a year of constant effort but this item belongs with your Point #1. 2-Bravo: Is there a single architect at Microsoft old enough to know about virtual OS's that ran kernel processes in separate, protected address and storage with enough authority to actually steer the evolution of this OS to where the OS actually runs in protected mode? Seems like a good idea to me! 3-See #1 and #2. Do this and #3 will become less and less important. Nonetheless, good point, 7 hours maybe but not 7 years. 4-Let's face it, MS's idea of security is a collection of bandaids until the registry is gone and applications don't require any privilege or protected mode space. I'm tired of changing user privileges based on the next application that requires admin privileges to parent folders, registry hives or a combination of both. See my comments for #1 & 2! 5-Brilliant point. I am hoping for the day when our business culture finally remembers that if you build a product that performs to expectations set by the highest standards, you can trash your marketing department because you won't be able to make the product fast enough! Great products sell themselves, especially in this connected, communicative age. Thanks, All, for indulging me in these thoughts. Ciao, Steve

Tearat

Something they must do is end the user-account-without-a-password flaw. If there is no password provided, the user account will not be created. A change of password should be refused until a new password is provided. Also, if by some chance there is a user account that has no password, it must not be enabled until a password is provided. They could provide a better way to allow people to use automatic logon if they cannot cope with the huge pain of typing in a password when they first logon.

Tony Hopkinson

and no at least remote root login to me is a must. The security hole that auto login causes could be controlled a lot better then. Autologin is something I've never been comfortable with. Other authorisation methods than username/password could be opened up though. Fingerprint recognition, smart card, other types of biometrics, either for more security, or for ease of access for the disabled.

Tearat

Don't expect quick replies from me anymore. I have less time now. Auto login/logon is a simple solution for the lazy people who cannot be bothered to put in the small effort that is typing a password. It is not something I like, but it provides a solution to a problem. There are times when I need to have a PC turn itself on, logon, carry out a task then shut down. I do not want to add extra or third party software to do the same thing. But almost everyone else has no need for that (high 90% of users). The biometric equipment will need to be tested from time to time. Smartcards could be the best choice. There is a type of RF card they are trying for some cars. The person only has to have it on them and the locking device will detect it when they are in range. In XP home they did the administrator a little better than in the pro version. I would like to see that taken to an extreme. You can only use the administrator account in safe mode with no networking, and all other accounts are disabled and their folders are locked. They should lock them to keep the nasties in. Not to keep you out. The administrator folder should be deleted by the system when you shut down so a new one can be created next time. Speaking of safe mode: that should be separate from the normal system. None of the files used in safe mode should be used for anything else. No files other than the protected safe mode files should be loaded. The safe mode files should be inaccessible in normal mode. I don't expect any of that to happen with Windows 7 or any time in the near future. Cheers Steve

sar10538

1. But that defeats lock-in. 2. Doing that would spoil the warm fuzzy user experience. 3. 10 days, woop-de-do!!! And it wouldn't be Windows without the foot-in-mouth patching fiascos. It's too complex now, too many patches, no trust that the patches won't screw things up, and the WGA. 4. Ah! The millstone round the neck. They should, of course, plan what is needed for the foreseeable future and work with those plans so they don't have to keep changing things. And throw all the backwards compatibility away. But that would not sell new software and make profits. 5. Change the business model!!! Now go and wash your mouth out... That would never do. Top of the list in the MS mission statement "Make sure no one does to us what we did to IBM". Can't let the buggers get a foothold you know. To give this all up would take an awful lot of pruning at MS and Bill would be turning in his grave. Your article touches all that is wrong right now but I really don't expect to see any change because it's just the way that MS works and wild horses wouldn't pull them away from that sadly :-(

apotheon

All that you say is on the money, of course. I have one item to point out, though: Spoiling the "warm fuzzy user experience" with true privilege separation wouldn't ruin that user experience any more than UAC already has, and that didn't even really provide meaningful security.

sar10538

Let's face it, UAC was just a ruse by MS to push the blame for any damage from MS to the user. MS were fed up with getting it in the neck for all the malware infestations so they just made it so that any time this could happen a nice little box comes up which gets the user to accept responsibility for any future problems. MS fixed nothing! They did not even ask for a password to perform the potentially dangerous action and they made it easy for people to even turn UAC off. So at the moment a box comes up and the user clicks OK or just turns it off for the even more comfortable warm fuzzy experience. Fixing the thing properly will make a difference to that.

Tony Hopkinson

A typical piece of bass ackwards MS monolithic design philosophy. It's why they have a monolithic design in the first place, short term, it's cheaper....

apotheon

"Shoddy is what it is, the thing is if they came up with this cunning plan once, they did it again. It's guaranteed." MS software is rife with these problems. For instance, RPC should not be a requirement for local login... but it is.

Tony Hopkinson

dependency, is some lazy/cheap arse development. They needed a function, it wasn't in the code base. Instead of rethinking or putting it in they used an 'existing' service. This was MSDE, not sure whether it pertains to Express, or the full products. It gets better though. MS's installer doesn't do a dependency check. It falls over, right at the end, and then rolls back silently. The log file you get is absolutely full of incomprehensible drivel (looks like a console writeline debug file from a nervous developer). Somewhere in there there's an error with a code; don't look for "error" though, there are a lot of them. Google the code (the error text is useless), and eventually you'll find an article telling you that you have to install file and printer services on your database server. Shoddy is what it is; the thing is, if they came up with this cunning plan once, they did it again. It's guaranteed. I know if I'd done something like this without permission from management, in writing and witnessed before notaries, they'd have sacked my ass. Correctly as well.

jmgarvin

I've never understood that. Why does MS have so many strange prerequisites that are totally meaningless?

Tony Hopkinson

I can think of a few other things that could be scraped off as well. It might even promote some better design practice. Having to install and enable File And Printer Sharing to successfully install SQL MSDE is still one of my all-time favourite classic MS screw-ups. MS take way too much advantage of their monolithic design philosophy, so I suspect that something so superficially simple could cause them major problems.

CharlieSpencer

If they're going to have home and business versions, don't just make the business version a superset of the home version. The business version should exclude UAC, games, Outlook Express, all those entertainment apps, Windows Firewall, and all that other stuff that techs and admins immediately scrape off before they create the disk image. It should be designed with the understanding that the computer is going to be on a professionally managed network, with the assumption that the end users only use the computer and don't maintain, service, or support it. I left two cents in the collection box.

Tony Hopkinson

So aside from installing our daily build (which I don't do daily) or the occasional regedit for the old stuff, I don't see it there either. If I'm working from home and I need to remote into our box that does the building, I get one then. Average two a day at most. Our admin guys are much less sanguine about it, and are quite obviously having more problems. Every now and again they forget I'm not on XP and take me out of their Vista twiddles group, which does screw me up. Had to have it at work so I could develop for it, bought it for home because I got a good deal on my new box. Box was pre-installed, from a custom building outfit. So all things being equal it can work; it is more secure out of the box than XP (I know that isn't that much of a whoopy-doo) and it has been much more stable for me. I can think of one or two useful improvements myself. MS's big screw-up, though, has always been trying to satisfy too many different requirements with one solution. This version I'm in the happy group; it hasn't always been the case. XP was seriously flaky for me at work.

jmgarvin

RDP into a Vista box, UAC pops up...you're screwed. UAC can screw with GPO pushes...it's just frustrating to me...It's a gimped version of sudo

Tony Hopkinson

and I don't run as admin, so I do need to put my password in. I've had two hits I didn't expect in about a year, work and home. So for me it's not a waste of time and it's not an inconvenience. An su-type facility, where I didn't get bugged every time I expected to be, would be nice. To me, Vista without UAC on and logged in as an unprivileged user is a slow, crappy version of XP. So while I'll be the first to admit it's not an ideal solution, it is much less of a problem than it used to be. Mind you, getting into this state cost me money in terms of hardware and setup, and drastically restricted choices of available software, on top of my IT awareness. It's not a solution for Ma & Pa User, which is why UAC has an off button. Even MS's least technical marketing type would have had a problem with "If you turn off the security it's only as bad as XP".
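The two complaints in the comments above (admins get a click-through rather than a password prompt, and UAC has an easy off switch) both come down to a handful of policy values. This is an added example, not code from the thread or from Microsoft, that audits those values on a Windows host; it assumes the standard policy key path and the documented meaning of each DWORD, and that unset values mean the OS default applies.

```powershell
# Added example: audit the UAC policy values the comments above argue about.
# Assumes the standard policy key; values that are absent fall back to OS defaults.
$path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $path

# Hardened values, per the documented meaning of each DWORD:
#  EnableLUA                  1 = UAC on (0 = the "off button" the comment mentions)
#  ConsentPromptBehaviorAdmin 1 = prompt for credentials on the secure desktop
#                              (2/4/5 = consent click only, 0 = elevate silently)
#  ConsentPromptBehaviorUser  1 = standard users must enter admin credentials
#                              (0 = deny elevation outright, also acceptable)
#  PromptOnSecureDesktop      1 = the prompt is isolated from other windows
$checks = @(
    @{ Name = 'EnableLUA';                  Ok = @(1) }
    @{ Name = 'ConsentPromptBehaviorAdmin'; Ok = @(1) }
    @{ Name = 'ConsentPromptBehaviorUser';  Ok = @(0, 1) }
    @{ Name = 'PromptOnSecureDesktop';      Ok = @(1) }
)

$findings = foreach ($c in $checks) {
    $value = $p.($c.Name)            # $null when the value is not set
    [pscustomobject]@{
        Setting  = $c.Name
        Value    = if ($null -eq $value) { '(not set: OS default)' } else { $value }
        Hardened = ($null -ne $value -and $c.Ok -contains $value)
    }
}
$findings | Format-Table -AutoSize

# The "no password asked" case: elevation is a consent click for admin users.
if ($p.ConsentPromptBehaviorAdmin -in 2, 4, 5) {
    Write-Warning 'Admin elevation is a consent click, not a credential prompt.'
}
# The "off button" case: every process of an admin user runs fully elevated.
if ($p.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled.'
}
```

A setting reported as not set is only unverified, not necessarily weak; the OS default for that version applies, so set the value explicitly (by Group Policy on a managed network) if you want the audit to be conclusive.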

apotheon

Actually, UAC doesn't even provide that much "protection". As Microsoft's own DRM-like behavior proves, there are ways around UAC built into the system so that, even if UAC is turned off and the user never clicks the OK button, that may not prevent software from installing and other potentially dangerous changes from being made.

Tony Hopkinson

I think they are actually going to do it, after all these years. Not expecting it all in one go mind...

Tony Hopkinson

UAC became privilege separation, so you can turn it off. How would you implement privilege separation in Windows? I'm pretty convinced it would be near impossible in a monolithic architecture, and a near total waste of time if you did. MS have been on the backwards compatibility route for so long, all their users expect it. Look at all the honking Vista has caused; with true separation, you'd be lucky if any existing application even loaded, never mind sort of worked, and once in, there's no flicking a switch and letting things work as usual. I think UAC was the best they could do, and I think it was the best they dared do. They can back it out or they can bite the bullet, that's it. Vista has shown them the halfway house is made of cards. So even if they were that dumb, their customer base has proved more intelligent than they hoped. What scares me most is I am not inconvenienced by UAC; in fact it's 'saved' me twice. To MS, I'm job done; fortunately I'm in a very small majority. :p

sar10538

The problem is that Windows is still really nothing more than a single-user OS, and so much of the stuff that should be in user space is really in kernel space. That's where they really need to work on things. Once you can run multiple full user Windows sessions on a single instance of Windows, with full separation of everything between users and the kernel, then there will be a different situation. Right now you get to run one GUI per running OS, as so much of it is running in kernel space just to get the speed up.

apotheon

The terrible mess they made of UAC has a much simpler explanation than a staged approach to real privilege separation: They pasted on a superficial feature that looks like privilege separation to maintain a marketable appearance of caring about security, but to do so in a way that people can deactivate very easily to eliminate the inconvenience of it. Why introduce inconvenience actually worse than should be imposed by real privilege separation, without actually introducing the privilege separation itself, as a precursor to introducing the privilege separation? There isn't any sense in that. No, I think it's more likely that they decided to just "give those idiots what they want" (or, more to the point, what Microsoft execs think we want) -- a feeling of security. A company run by marketing can't tell the difference between the truth and the lie, as long as people believe the lie.

jmgarvin

The "real" registry is a sys prep registry, while the "user" registry is modified by the users. The user NEVER gets to modify the "real" registry...ever....

V

Microsoft bought SoftGrid, and it is coming soon as App-V. It's just what we've been waiting for.

jmgarvin

I'm not going to hold my breath that MS knows that they can do good things and make Windows a great OS. With that being said, 7 could either help MS gain their good name back or be the last nail in the coffin of MS's stranglehold on the market.

Tony Hopkinson

:( That's like choosing which testicle to get hammered flat.

V

I haven't got round to doing anything about it. I've got better things to do with my time than muck about with dull things like Databases. Like getting up to speed with DotNetNuke.

apotheon

Why do you "need" MS Access?

V

It remains to be seen if they really have learned from their mistakes with how they marketed Vista as the best OS on the market, when, to many, it was glaringly obvious there were problems which should never have reached the final shrink-wrapped product. Ubuntu/Fedora/SuSE are fine alternatives, but I don't like having to run a virtual machine just to use Access/Excel. OpenOffice still hasn't got equivalent features that I rely on daily.

interflex

I work for a law firm as the Sys Admin for about 80 users. Everyone is on XP using Office 2003/2003. I would not dare install Vista based on all the negative feedback. I run Office 2007 on my laptop and cannot believe that MS so dramatically changed the look and feel. We use custom Macros and there is no way to have them show up as a separate tool bar. I consider my users to be hardcore Word and Outlook users. I need to have an OS and Office version for hardcore office users. No crap pop ups, who cares about organizing windows, and we don't require any fading crap either. Just solid and secure!

Tony Hopkinson

in Vista and effectively killing a lot of backwards compatibility was to give the hardware and software developers for Windows a warning shot. True privilege separation is coming; things that you could get away with will no longer work. If Windows 7 doesn't follow through, then it will fail worse than Vista. Those who stuck with XP will keep it, and most of those who coughed up for Vista won't see any overall benefit at all. The only other option is to back off and revert to the XP 'security' model. Aside from some poor muppet having to say they screwed up big style, security is the fastest growing IT concern. Even basic appliance users are taking it seriously, given they are MS's bread and butter.....

LarryD4

Didn't we do this already?

apotheon

I'd like to see where "this" was done already.

Neon Samurai

it was months ago now and the OS was called Vista. ;) hehe.. well, this is the way of proprietary software. The old version is not pushing the profit spike on the graph, so it's time to start hyping the new version. Personally, I do hope it's half the improvement that it's going to be spun as. Even if they only hold to the promise of a fully modular design, it'll be an improvement.

Sterling chip Camden

... the improvements will be minor. Essentially Vista with slightly better usability, reliability, and performance. Lipstick on a pig.

Neon Samurai

hehe.. I couldn't resist, but like every new Windows release, there will be much hype and promise to daydream about until the "retail" quality release deflates our months of speculation.

apotheon

The things I first heard about MS Windows 7 were amazing -- much like the first things I'd heard about Longhorn were amazing. Just as with Longhorn there was a gradual attrition of meaningful changes until we ended up with Vista, I figured Windows 7 wouldn't live up to even half its claims, if that much. Then, the next bunch of news I heard about 7 suggested I was right to be cynical: all that was left was the sort of "improvements" you listed. My more realistic expectation is that it'll fail even to live up to those promises in any consistent fashion. The consistent failure of any MS Windows version to provide the kind of security improvements over its immediate predecessor that would make it more than a joke in the security community just makes me tired, these days. What bothers me most is the fact that so many people take what Microsoft says about its software at face value, though, and believe all the nonsense about improved security. Look at the legions of people who believe that just because UAC keeps asking for a password the system must provide some kind of meaningful privilege separation. I only hope I can help fortify people's expectations against weak marketing BS by providing a short list of improvements that will have to be made before anyone should really take any MS Windows release seriously -- improvements that I know, deep down inside, won't be made unless and until Microsoft undergoes a serious shake-up internally, and completely changes its approach to software development and marketing. MS execs talk about how security is priority one all the time, of course, but from what I've seen it's just talk.